Ecommerce Europe, the European Digital Media Association (EDiMA), the European Payments Institutions Federation (EPIF), the Computer and Communications Industry Association (CCIA) and the Electronic Money Association (EMA) have joined forces to call on European policy-makers to rethink their approach to digital payment security in the revised Payment Services Directive (PSD2).
If adopted in its current form, the PSD2 – currently under negotiation between the Council of the EU and the European Parliament – would stifle innovation in the area of remote authentication mechanisms for digital payments. It would oblige EU payments providers to deploy a historical form of authentication known as “two factor authentication”, described in the latest draft of PSD2 as the “strong authentication” method.
More advanced and equally secure methods of payment authentication, based on modern technologies, are already available. These methods can guarantee a high level of security of digital payment transactions without causing friction to the customer experience when shopping online. These methods are not reflected in the definition of strong customer authentication in the current draft PSD2.
“Security of customers when they pay online is a number one priority for e-commerce and payment service providers in Europe,” said Zuzana Púčiková, chair of the EDiMA Payments Working Group, “but it is equally important to ensure that customers can pay easily and conveniently, otherwise they simply won’t shop online. This would harm customer choice as well as Europe’s economy and competitiveness at large.”
“The definition of strong customer authentication does not acknowledge the emergence of a host of remote authentication mechanisms that are used by innovative financial service providers to deliver increased levels of integrity and authenticity protection to electronic transactions with reduced impact to the customer experience. The current definition can inhibit the deployment of new innovative customer authentication mechanisms by PSPs in the EEA,” said Thaer Sabri, CEO of the Electronic Money Association.
Paul Alfing, chair of the Payments Committee at Ecommerce Europe, added: “For online business, trust is crucial. But a monolithic and uniform authentication system – as the PSD2 proposal suggests – leaves EU consumers more vulnerable. If hackers only have a single system to work their way around, once they break into the systems there will be a domino effect impacting all the EU payment service providers at once with huge negative consequences for trust”.
Sarah Sheehan, Chair of EPIF, stated that: “To ensure regulations support innovation, EU policy makers should allow the industry to look at new technologies in payment authentication and use them by demonstrating to their home regulators that these new authentication methods will keep consumers adequately protected. At the moment, the PSD2 text does not allow them that flexibility”.
James Waterworth, Vice-President, Europe for CCIA, concluded: “Just as the Commission asserts that payments are the oil in the wheels in the internal market, innovation in the online payments space oils the wheels of the digital single market. Without new ideas that make payments faster, more seamless and more secure we risk those wheels grinding to a halt”.